SpiderShield Security Scanner
by @teehooai
Security scanning and trust scoring for OpenClaw skills with commands for trust lookup, malware detection, config audit and auto-fix, rug pull detection, and...
clawhub install spidershieldπ About This Skill
SpiderShield Security Scanner
Security scanning and trust scoring for OpenClaw skills. 6 commands covering the full security lifecycle: trust lookup, malware scan, config audit, auto-fix, rug pull detection, and bulk scanning.
4,000+ skills pre-scanned. Precision 93%+ (improving). 0.1s trust score lookup.
Setup
The /spidershield check command works immediately β no installation needed.
It queries the SpiderRating Trust API (public, no key required).
For local scanning commands (scan, audit-config, fix, pin, scan-all), install the scanner:
pip install spidershield
Commands
/spidershield check
Check the Trust Score for a published skill. Queries the SpiderRating Trust Registry (4,000+ pre-scanned skills) and returns score, grade, capabilities, ecosystem ranking, and VirusTotal comparison.
Examples:
/spidershield check spclaudehome/web-search-pro
/spidershield check alice/my-skill
Output:
SpiderRating Skill Trust Report
ββββββββββββββββββββββββββββββββββββββββ
Skill: spclaudehome/web-search-pro
Score: 7.2 / 10 Grade: B
Verdict: β
SAFE
Precision: 93%+ (improving) π¦ Capabilities:
π Browser π¦ Installs Deps π Webhook
π Security: 0 critical Β· 0 high Β· 1 medium Β· 0 low
[HIGH] No sandbox β Agent can execute arbitrary shell commands
π Ecosystem: #142 / 4,037 skills (Top 4%)
Breakdown: Description 6.5 Β· Security 8.0 Β· Metadata 5.5
Downloads: 5,000 Active installs: 42
π‘ Rated B (7.2/10) β safe to install.
π https://spiderrating.com/servers/spclaudehome__web-search-pro
Implementation: calls scripts/check.sh $1
/spidershield scan
Scan a single skill for malicious patterns using 24 detection rules. Detects credential theft, prompt injection, crypto wallet access, obfuscated payloads, and more.
Examples:
/spidershield scan ./my-skill/
/spidershield scan ./my-skill/SKILL.md
Output:
SAFE β my-skill
or
MALICIOUS β evil-skill
β’ Reads ~/.ssh/id_rsa and sends to external webhook
β’ Base64-encoded shell command detected
Implementation: calls scripts/scan.sh $1
/spidershield audit-config [--skills] [--verify]
Audit your OpenClaw installation for insecure settings. Checks 10 configuration items including gateway binding, auth strength, sandbox mode, and file permissions.
Options:
--skills β Also scan all installed skills for malware--verify β Also verify pinned skills for tamperingExamples:
/spidershield audit-config
/spidershield audit-config --skills --verify
Implementation: calls scripts/audit-config.sh
/spidershield fix [--dry-run]
Scan OpenClaw config and auto-fix insecure settings. Shows before/after score change.
Options:
--dry-run β Preview what would be fixed without making changesExamples:
/spidershield fix --dry-run
/spidershield fix
Output:
Score: 5.2/10 -> 8.1/10
Fixed: gateway binding, auth strength, sandbox mode
Implementation: calls scripts/fix.sh
/spidershield pin add|verify|list|remove [path]
Pin skill content hashes to detect rug pull attacks β when a skill is silently modified after installation (supply chain attack).
Subcommands:
pin add β Record current content hashpin verify [path] β Check if any pinned skills were modifiedpin list β Show all pinned skillspin remove β Remove a pinExamples:
/spidershield pin add ~/.openclaw/skills/web-search-pro/
/spidershield pin verify
/spidershield pin list
Output:
OK web-search-pro
TAMPERED evil-skill
- Content hash changed since pin (possible rug pull)Results: 12 OK, 1 TAMPERED, 0 UNKNOWN
Implementation: calls scripts/pin.sh $1 $2
/spidershield scan-all
Scan ALL installed OpenClaw skills for malicious patterns in one command.
Equivalent to /spidershield audit-config --skills.
Example:
/spidershield scan-all
Implementation: calls scripts/scan-all.sh
Privacy
/check: sends only author/skill slug to SpiderRating API/scan, /audit-config, /fix, /pin, /scan-all: run entirely locally β no data leaves your machineLinks
βοΈ Configuration
The /spidershield check command works immediately β no installation needed.
It queries the SpiderRating Trust API (public, no key required).
For local scanning commands (scan, audit-config, fix, pin, scan-all), install the scanner:
pip install spidershield